Date: Thu, 21 Mar 2024 04:55:46 +0100
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH 4/4] avformat/iamf: Check language_label
Message-ID: <20240321035546.GZ6420@pb2>
In-Reply-To: <00907e21-57ef-4c45-836b-0535c3755cd0@gmail.com>
References: <20240321011517.10363-1-michael@niedermayer.cc> <20240321011517.10363-4-michael@niedermayer.cc> <00907e21-57ef-4c45-836b-0535c3755cd0@gmail.com>

On Wed, Mar 20, 2024 at 11:17:09PM -0300, James Almer wrote:
> On 3/20/2024 10:15 PM, Michael Niedermayer wrote:
> > Fixes: null pointer dereference
> > Fixes: 67023/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6011025237278720
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer
> > ---
> >  libavformat/iamf.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/libavformat/iamf.c b/libavformat/iamf.c
> > index 5de70dc082..f2c22ce3aa 100644
> > --- a/libavformat/iamf.c
> > +++ b/libavformat/iamf.c
> > @@ -89,9 +89,10 @@ void ff_iamf_free_mix_presentation(IAMFMixPresentation **pmix_presentation)
> >      if (!mix_presentation)
> >          return;
> > -    for (int i = 0; i < mix_presentation->count_label; i++)
> > -        av_free(mix_presentation->language_label[i]);
> > -    av_free(mix_presentation->language_label);
> > +    if (mix_presentation->language_label)
>
> If count_label is not 0, then language_label should be allocated.
>
> > +        for (int i = 0; i < mix_presentation->count_label; i++)
> > +            av_free(mix_presentation->language_label[i]);
> > +    av_freep(&mix_presentation->language_label);
> >      av_iamf_mix_presentation_free(&mix_presentation->mix);
> >      av_freep(pmix_presentation);
> >  }
>
> Can you test the following?
>
> > diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
> > index cb49cf0a57..e29c2c6b6c 100644
> > --- a/libavformat/iamf_parse.c
> > +++ b/libavformat/iamf_parse.c
> > @@ -822,6 +822,7 @@ static int mix_presentation_obu(void *s, IAMFContext *c, AVIOContext *pb, int le
> >      mix_presentation->language_label = av_calloc(mix_presentation->count_label,
> >                                                   sizeof(*mix_presentation->language_label));
> >      if (!mix_presentation->language_label) {
> > +        mix_presentation->count_label = 0;
> >          ret = AVERROR(ENOMEM);
> >          goto fail;
> >      }

That works too, I think pointers should be set to NULL on deallocation though.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
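Review bot: In the ff_iamf_free_mix_presentation hunk, the `if (mix_presentation->language_label)` guard stops the NULL dereference of `language_label[i]` but leaves the underlying inconsistency in place: count_label can be non-zero while language_label is NULL, which is precisely the state the failed av_calloc in mix_presentation_obu leaves behind. The switch from `av_free(mix_presentation->language_label)` to `av_freep(&mix_presentation->language_label)` is worth keeping regardless, since av_free left a dangling pointer inside the struct; if the allocation failure is instead fixed at its source, the guard becomes redundant and the loop can keep its original shape, so the two changes should be decided together rather than both landing.

Review bot: In the mix_presentation_obu hunk, `mix_presentation->count_label = 0;` before `goto fail` restores the invariant that count_label never exceeds the number of allocated entries, which is what makes the unguarded free loop safe on this ENOMEM path. It only covers this one exit, though: the invariant holds only if every early return between the point where count_label is assigned and the point where the per-label strings are filled in does the same reset, and the hunk shows just this one site. A one-line comment next to the assignment stating that count_label must match the allocation would help keep future error paths consistent with it.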